Hi,

Deepak has provided a working patch where he removed the 'Customized Cookies' 
feature of https://github.com/ketanmistry/ihavecookies

To compare, apply the patch (directly on the ecommerce component for now), load 
ecommerce in OFBiz and compare with https://iamketan.com.au/

I'm unsure it would be helpful but should not our users be able by default to 
have all the features?

Thanks

Jacques

On 05/11/2018 at 05:43, Deepak Nigam wrote:
FYI, here is the Jira ticket
<https://issues.apache.org/jira/browse/OFBIZ-10639> for further discussion
and research.

On Thu, Nov 1, 2018 at 3:02 PM Deepak Nigam <deepak.nigam1...@gmail.com>
wrote:

Thanks, Benjamin, Jacques.

Definitely, we will move forward only after studying OFBiz cookies in
depth. I just put down the initial thought that came to my mind.



On Wed, Oct 31, 2018 at 9:03 PM Jacques Le Roux <
jacques.le.r...@les7arts.com> wrote:

Thanks Deepak, Benjamin,

We are indeed only concerned by the ecommerce webapps (both ecommerce and
ecomse). They are the only ones that are public. The backend applications
should not be concerned.

Actually, in ecommerce webapps, we use technical cookies: JSESSIONID,
possibly cookie.domain and maybe jstree* ones. I believe they all fall in
the exempt cases.

With OFBIZ-10635 I'm currently working on autoUserLoginId cookies. While
doing so I spotted that securedLoginId has the same duration (1 year) as
autoUserLoginId. I have reduced it to the browser session so it also
falls in the exempt cases. I'll commit that very soon.

I have not read all the details but I believe the only ones we should
think about are the autoUserLoginId and OFBiz.Visitor cookies. They
inherently do not contain party data, but from the visitorId or userLoginId
fields it's possible to get to the party data. Not sure it's an issue as is,
because AFAIK we use only first‑party cookies[1] but the problem seems
to be their durations: one year.

[1]
https://www.opentracker.net/article/third-party-cookies-vs-first-party-cookies

Jacques

On 31/10/2018 at 14:05, Benjamin Jugl wrote:
Hello all,

just before you go in head over heels, please consider the following:

    "However, some cookies are exempt from this requirement. Consent is
    not required if the cookie is:

      * used for the sole purpose of carrying out the transmission of a
        communication, and
      * strictly necessary in order for the provider of an information
        society service explicitly required by the user to provide that
        service.

    Cookies clearly exempt from consent according to the EU advisory
    body on data protection - WP29 (pdf)
    <http://ec.europa.eu/justice/data-protection/article-29/documentation/opinion-recommendation/files/2012/wp194_en.pdf>
    include:

      * *user‑input* cookies (session-id) such as first‑party cookies to
        keep track of the user's input when filling online forms,
        shopping carts, etc., for the duration of a session or
        persistent cookies limited to a few hours in some cases
      * *authentication* cookies, to identify the user once he has
        logged in, for the duration of a session
      * *user‑centric security* cookies, used to detect authentication
        abuses, for a limited persistent duration
      * *multimedia content player* cookies, used to store technical
        data to play back video or audio content, for the duration of a
        session
      * *load‑balancing* cookies, for the duration of session
      * *user‑interface customisation* cookies such as language or font
        preferences, for the duration of a session (or slightly longer)
      * *third‑party social plug‑in content‑sharing* cookies, for
        logged‑in members of a social network."

(http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm)

Does OFBiz even set other cookies? If yes, for what are they needed?

Kind regards, Benjamin Jugl



On 31.10.18 13:11, Deepak Nigam wrote:
Hello All,

The Cookie Law is a piece of privacy legislation that requires websites to
get consent from visitors to store or retrieve any information on their
computer, smartphone or tablet. It was designed to protect online privacy,
by making consumers aware of how information about them is collected and
used online, and give them a choice to allow it or not.

The EU Cookie Legislation began as a directive from the European Union.
Some variation on the policy has since been adopted by all countries within
the EU.

The EU Cookie Legislation requires 4 actions from website owners who use
cookies:
1. When someone visits your website, you need to let them know that your
site uses cookies.
2. You need to provide detailed information regarding how that cookie data
will be utilized.
3. You need to provide visitors with some means of accepting or refusing
the use of cookies in your site.
4. If they refuse, you need to ensure that cookies will not be placed on
their machine.

For more information about EU cookie policy, please visit here
<http://ec.europa.eu/ipg/basics/legal/cookies/index_en.htm>.

As this crucial feature is missing in the OFBiz E-Commerce application, we
should work towards its implementation. There are numerous open-source
jQuery plugins available which we can use. Thoughts?


Thanks & Regards
--
Deepak Nigam
HotWax Systems Pvt. Ltd.


